Compare commits
No commits in common. "c691bae4f301c1d0a28d39ed5f33324bff0dc496" and "bd62ef48c2aaba62a34e5e06e20a79a192482c6f" have entirely different histories.
c691bae4f3
...
bd62ef48c2
24
flake.lock
24
flake.lock
|
@ -7,11 +7,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673301561,
|
"lastModified": 1665870395,
|
||||||
"narHash": "sha256-gRUWHbBAtMuPDJQXotoI8u6+3DGBIUZHkyQWpIv7WpM=",
|
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "42d371d861a227149dc9a7e03350c9ab8b8ddd68",
|
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -89,11 +89,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673343300,
|
"lastModified": 1672770368,
|
||||||
"narHash": "sha256-5Xdj6kpXYMie0MlnGwqK5FaMdsedxvyuakWtyKB3zaQ=",
|
"narHash": "sha256-iO6Z9blIe8dcPh3VT2nkej9EimORCoskGQR6xNjICWI=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "176e455371a8371586e8a3ff0d56ee9f3ca2324e",
|
"rev": "d01e7280ad7d13a5a0fae57355bd0dbfe5b81969",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -151,11 +151,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673450908,
|
"lastModified": 1672617983,
|
||||||
"narHash": "sha256-b8em+kwrNtnB7gR8SyVf6WuTyQ+6tHS6dzt9D9wgKF0=",
|
"narHash": "sha256-68WDiCBs631mbDDk4UAKdGURKcsfW6hjb7wgudTAe5o=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6c8644fc37b6e141cbfa6c7dc8d98846c4ff0c2e",
|
"rev": "0fc9fca9c8d43edd79d33fea0dd8409d7c4580f4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -198,11 +198,11 @@
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673490397,
|
"lastModified": 1672712534,
|
||||||
"narHash": "sha256-VCSmIYJy/ZzTvEGjdfITmTYfybXBgZpMjyjDndbou+8=",
|
"narHash": "sha256-8S0DdMPcbITnlOu0uA81mTo3hgX84wK8S9wS34HEFY4=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "0833f4d063a2bb75aa31680f703ba594a384ffe6",
|
"rev": "69fb7bf0a8c40e6c4c197fa1816773774c8ac59f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
64
flake.nix
64
flake.nix
|
@ -29,28 +29,8 @@
|
||||||
,...
|
,...
|
||||||
}@_inputs: let
|
}@_inputs: let
|
||||||
# Context/global stuffs to be passed down
|
# Context/global stuffs to be passed down
|
||||||
# NOTE: this will only read files that are within git tree
|
|
||||||
# all secrets should go into secrets.nix and secrets/*.age
|
|
||||||
proj_root = let
|
|
||||||
path = builtins.toString ./.;
|
|
||||||
in {
|
|
||||||
inherit path;
|
|
||||||
configs.path = "${path}/native_configs";
|
|
||||||
scripts.path = "${path}/scripts";
|
|
||||||
secrets.path = "${path}/secrets";
|
|
||||||
testdata.path = "${path}/tests";
|
|
||||||
modules.path = "${path}/modules";
|
|
||||||
hosts.path = "${path}/hosts";
|
|
||||||
users.path = "${path}/users";
|
|
||||||
};
|
|
||||||
# TODO: adapt to different platforms think about different systems later
|
# TODO: adapt to different platforms think about different systems later
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
overlays = [
|
|
||||||
rust-overlay.overlays.default
|
|
||||||
(self: pkgs@{lib,...}: {
|
|
||||||
lib = pkgs.lib // (import ./lib (_inputs // {inherit pkgs proj_root;}));
|
|
||||||
})
|
|
||||||
];
|
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
overlays = import ./overlays.nix _inputs;
|
overlays = import ./overlays.nix _inputs;
|
||||||
|
@ -58,13 +38,31 @@
|
||||||
allowUnfree = true;
|
allowUnfree = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# now, this lib is extremely powerful as it also engulfs nixpkgs.lib
|
|
||||||
# TODO: I really don't want to extend from nixpkgs.lib because it doesn't extend lib within nixosModule
|
|
||||||
lib = nixpkgs.lib.extend (self: nixpkgs_lib: (nixpkgs_lib // pkgs.lib));
|
|
||||||
inputs_w_lib = (pkgs.lib.recursiveUpdate _inputs {
|
|
||||||
inherit system proj_root pkgs lib;
|
|
||||||
});
|
|
||||||
|
|
||||||
|
# inject nixpkgs.lib onto c_ (calculus)
|
||||||
|
_lib = pkgs.lib;
|
||||||
|
inputs = (_lib.recursiveUpdate {
|
||||||
|
inherit system;
|
||||||
|
# NOTE: this will only read files that are within git tree
|
||||||
|
# all secrets should go into secrets.nix and secrets/*.age
|
||||||
|
proj_root = let
|
||||||
|
path = builtins.toString ./.;
|
||||||
|
in {
|
||||||
|
inherit path;
|
||||||
|
configs.path = "${path}/native-configs";
|
||||||
|
scripts.path = "${path}/scripts";
|
||||||
|
secrets.path = "${path}/secrets";
|
||||||
|
testdata.path = "${path}/tests";
|
||||||
|
modules.path = "${path}/modules";
|
||||||
|
hosts.path = "${path}/hosts";
|
||||||
|
users.path = "${path}/users";
|
||||||
|
};
|
||||||
|
} _inputs);
|
||||||
|
inputs_w_pkgs = (_lib.recursiveUpdate {inherit pkgs; lib = pkgs.lib;} inputs);
|
||||||
|
lib = _lib.recursiveUpdate (import ./lib inputs_w_pkgs) _lib;
|
||||||
|
|
||||||
|
# update inputs with our library and past onto our end configurations
|
||||||
|
inputs_w_lib = (lib.recursiveUpdate {inherit lib;} inputs_w_pkgs);
|
||||||
modules = (import ./modules inputs_w_lib);
|
modules = (import ./modules inputs_w_lib);
|
||||||
hosts = (import ./hosts inputs_w_lib);
|
hosts = (import ./hosts inputs_w_lib);
|
||||||
users = (import ./users inputs_w_lib);
|
users = (import ./users inputs_w_lib);
|
||||||
|
@ -85,24 +83,18 @@
|
||||||
expected = "for sure";
|
expected = "for sure";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
secrets = import ./secrets final_inputs;
|
|
||||||
|
|
||||||
in {
|
in {
|
||||||
inherit (hosts) nixosConfigurations;
|
inherit (hosts) nixosConfigurations;
|
||||||
inherit (users) homeConfigurations;
|
# inherit (users) homeConfigurations;
|
||||||
inherit lib proj_root;
|
inherit lib;
|
||||||
devShell."${system}" = import ./dev-shell.nix final_inputs;
|
devShell."${system}" = import ./dev-shell.nix final_inputs;
|
||||||
templates = import ./templates final_inputs;
|
templates = import ./templates final_inputs;
|
||||||
secrets = {
|
|
||||||
pubKeys = {
|
|
||||||
hosts = hosts.pubKeys;
|
|
||||||
users = users.pubKeys;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
unit_tests = lib.runTests unit_tests;
|
unit_tests = lib.runTests unit_tests;
|
||||||
|
secrets = import ./secrets final_inputs;
|
||||||
debug = {
|
debug = {
|
||||||
inherit final_inputs hosts users modules lib unit_tests pkgs;
|
inherit final_inputs hosts users modules lib inputs_w_pkgs unit_tests pkgs;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,6 @@
|
||||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
# boot.initrd.kernelModules = [ "amdgpu" ];
|
# boot.initrd.kernelModules = [ "amdgpu" ];
|
||||||
boot.initrd.kernelModules = [];
|
boot.initrd.kernelModules = [];
|
||||||
|
|
|
@ -10,13 +10,11 @@ config = {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
preset = "base";
|
preset = "base";
|
||||||
};
|
};
|
||||||
# TODO: add override so that we can add wsl config on top
|
|
||||||
bao.nixosConfig = {
|
bao.nixosConfig = {
|
||||||
modules = [
|
modules = [
|
||||||
(import ../modules/nvgpu.sys.nix)
|
import ../modules/kde.sys.nix
|
||||||
(import ../modules/kde.sys.nix)
|
import ../modules/pulseaudio.sys.nix
|
||||||
(import ../modules/pulseaudio.sys.nix)
|
import ../modules/storage.perso.sys.nix
|
||||||
(import ../modules/storage.perso.sys.nix)
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -31,45 +29,36 @@ propagate = hostConfig@{metadata, nixosConfig}: let
|
||||||
preset = lib.attrByPath ["preset"] "base" metadata;
|
preset = lib.attrByPath ["preset"] "base" metadata;
|
||||||
# infer
|
# infer
|
||||||
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
|
hardwareConfig = import "${proj_root.hosts.path}/${hostName}/hardware-configuration.nix";
|
||||||
# alias to prevent infinite recursion
|
|
||||||
_nixosConfig = nixosConfig;
|
|
||||||
in {
|
in {
|
||||||
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
|
inherit hostName ssh_pubkey users nixosVersion system preset hardwareConfig;
|
||||||
nixosConfig = _nixosConfig // {
|
nixosConfig = nixosConfig // {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
lib = finalInputs.lib;
|
||||||
modules = [
|
modules = [
|
||||||
{
|
|
||||||
config._module.args = {
|
|
||||||
inherit proj_root;
|
|
||||||
my-lib = finalInputs.lib;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
hardwareConfig
|
|
||||||
{
|
{
|
||||||
system.stateVersion = nixosVersion;
|
system.stateVersion = nixosVersion;
|
||||||
networking.hostName = hostName;
|
networking.hostName = hostName;
|
||||||
users.users = users;
|
users.users = users;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
imports = [agenix.nixosModule];
|
_module.args = finalInputs;
|
||||||
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
|
|
||||||
}
|
}
|
||||||
(import "${proj_root.modules.path}/secrets.nix")
|
import "${proj_root.modules.path}/secrets.nix"
|
||||||
(import "${proj_root.modules.path}/${preset}.sys.nix")
|
import "${proj_root.modules.path}/${preset}.sys.nix"
|
||||||
] ++ _nixosConfig.modules;
|
] ++ nixosConfig.modules;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# we are blessed by the fact that we engulfed nixpkgs.lib.* at top level
|
|
||||||
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
|
mkHostFromPropagated = propagatedHostConfig@{nixosConfig,...}: nixpkgs.lib.nixosSystem nixosConfig;
|
||||||
<<<<<<< HEAD
|
|
||||||
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
|
mkHost = hostConfig: (lib.pipe [propagate mkHostFromPropagated] hostConfig);
|
||||||
trimNull = lib.filterAttrsRecursive (name: value: value != null);
|
trimNull = lib.filterAttrsRecursive (name: value: value != null);
|
||||||
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
|
flattenPubkey = lib.mapAttrs (hostName: meta_config: meta_config.metadata.ssh_pubkey);
|
||||||
=======
|
|
||||||
mkHost = hostConfig: (lib.pipe hostConfig [propagate mkHostFromPropagated]);
|
|
||||||
>>>>>>> 4619ea4 (rekey)
|
|
||||||
in {
|
in {
|
||||||
nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
|
inherit config;
|
||||||
|
# nixosConfigurations = lib.mapAttrs (name: hostConfig: mkHost hostConfig) config;
|
||||||
|
nixosConfigurations = {};
|
||||||
|
debug = {
|
||||||
|
propagated = lib.mapAttrs (name: hostConfig: propagate hostConfig) config;
|
||||||
|
};
|
||||||
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
|
# {bao = "ssh-ed25519 ..."; another_host = "ssh-rsa ...";}
|
||||||
pubKeys = lib.getPubkey config;
|
hostKeys = trimNull (flattenPubkey config);
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,30 +1,22 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
# ,nixpkgs
|
,nixpkgs
|
||||||
,proj_root
|
,proj_root
|
||||||
# ,agenix
|
,agenix
|
||||||
,nixosDefaultVersion? "22.05"
|
,nixosDefaultVersion? "22.05"
|
||||||
,defaultSystem? "x86_64-linux"
|
,defaultSystem? "x86_64-linux"
|
||||||
,...}@inputs: let
|
,...}@inputs: let
|
||||||
lib = pkgs.lib;
|
lib = pkgs.lib;
|
||||||
inputs_w_lib = (inputs // {inherit lib;});
|
serde = import ./serde.nix inputs // {inherit lib;};
|
||||||
serde = import ./serde.nix inputs_w_lib;
|
|
||||||
shellAsDrv = {script, pname}: (pkgs.callPackage (
|
|
||||||
# just a pattern that we must remember: args to this are children of pkgs.
|
|
||||||
{writeShellScriptBin}: writeShellScriptBin pname script
|
|
||||||
) {});
|
|
||||||
trimNull = lib.filterAttrs (name: value: value != null);
|
|
||||||
# ssh
|
|
||||||
flattenPubkey = lib.mapAttrs (_identity: meta_config: lib.attrByPath ["metadata" "ssh_pubkey"] null meta_config);
|
|
||||||
getPubkey = config: (lib.pipe config [flattenPubkey trimNull]);
|
|
||||||
# procedure =
|
# procedure =
|
||||||
in {
|
in {
|
||||||
# short-hand to create a shell derivation
|
# short-hand to create a shell derivation
|
||||||
# NOTE: this is pure. This means, env vars from devShells might not
|
# NOTE: this is pure. This means, env vars from devShells might not
|
||||||
# be accessible unless MAYBE they are `export`ed
|
# be accessible unless MAYBE they are `export`ed
|
||||||
inherit shellAsDrv trimNull flattenPubkey getPubkey;
|
shellAsDrv = {script, pname}: (pkgs.callPackage (
|
||||||
ssh = {
|
# just a pattern that we must remember: args to this are children of pkgs.
|
||||||
inherit flattenPubkey getPubkey;
|
{writeShellScriptBin}: writeShellScriptBin pname script
|
||||||
};
|
) {});
|
||||||
|
|
||||||
# Configures hosts as nixosConfiguration
|
# Configures hosts as nixosConfiguration
|
||||||
# mkHost = {hostName
|
# mkHost = {hostName
|
||||||
# , nixosBareConfiguration
|
# , nixosBareConfiguration
|
||||||
|
|
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
imports = [./gpu.sys.nix];
|
|
||||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
|
||||||
services.xserver.enable = true;
|
|
||||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
|
||||||
}
|
|
|
@ -1,7 +1,6 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,lib
|
,lib
|
||||||
,proj_root
|
,proj_root
|
||||||
,...
|
|
||||||
}:{
|
}:{
|
||||||
imports = [
|
imports = [
|
||||||
./minimal.sys.nix
|
./minimal.sys.nix
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
{ pkgs, ... }: {
|
|
||||||
environment.systemPackages = [ pkgs.clinfo pkgs.lshw pkgs.glxinfo pkgs.pciutils pkgs.vulkan-tools ];
|
|
||||||
hardware.opengl = {
|
|
||||||
enable = true;
|
|
||||||
extraPackages = [ pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
|
|
||||||
# Vulkan
|
|
||||||
driSupport = true;
|
|
||||||
driSupport32Bit = true;
|
|
||||||
package = pkgs.mesa.drivers;
|
|
||||||
package32 = pkgs.pkgsi686Linux.mesa.drivers;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,8 +1,7 @@
|
||||||
{ pkgs
|
{ pkgs
|
||||||
, my-lib
|
, lib
|
||||||
,...
|
|
||||||
}: {
|
}: {
|
||||||
environment.noXlibs = my-lib.mkForce false;
|
environment.noXlibs = lib.mkForce false;
|
||||||
# TODO: wireless networking
|
# TODO: wireless networking
|
||||||
|
|
||||||
# Enable the X11 windowing system.
|
# Enable the X11 windowing system.
|
||||||
|
|
|
@ -1,15 +1,12 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,lib
|
,lib
|
||||||
,proj_root
|
,proj_root
|
||||||
,modulesPath
|
|
||||||
,...
|
|
||||||
}:{
|
}:{
|
||||||
imports = ["${modulesPath}/profiles/minimal.nix"];
|
|
||||||
# prune old builds after a while
|
# prune old builds after a while
|
||||||
nix.settings.auto-optimise-store = true;
|
nix.settings.auto-optimize-store = true;
|
||||||
nix.package = pkgs.nixFlakes; # nix flakes
|
nix.package = pkgs.nixFlakes; # nix flakes
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
experimental-features = nix-command flakes
|
experimental=feature = nix-command flakes
|
||||||
'';
|
'';
|
||||||
programs.neovim = {
|
programs.neovim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -25,6 +22,6 @@
|
||||||
];
|
];
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
# openssh runs in root, no? This is because port < 1024 requires root.
|
# openssh runs in root, no? This is because port < 1024 requires root.
|
||||||
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root.configs.path}/ssh/authorized_keys");
|
openssh.authorizedKeys.keys = lib.strings.splitString "\n" (builtins.readFile "${proj_root}/ssh/authorized_keys");
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{pkgs
|
{pkgs
|
||||||
,lib
|
,lib
|
||||||
,config
|
,config
|
||||||
,...
|
|
||||||
}: {
|
}: {
|
||||||
environment.systemPackages = [pkgs.mosh];
|
environment.systemPackages = [pkgs.mosh];
|
||||||
networking.firewall = lib.mkIf config.networking.firewall.enable {
|
networking.firewall = lib.mkIf config.networking.firewall.enable {
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
{config,...}: {
|
|
||||||
imports = [./gpu.sys.nix];
|
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
services.xserver.enable = true;
|
|
||||||
services.xserver.videoDrivers = [ "nvidia" ];
|
|
||||||
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
|
|
||||||
}
|
|
|
@ -1,5 +1,8 @@
|
||||||
{proj_root
|
{agenix
|
||||||
,...}: {
|
,proj_root}: {
|
||||||
|
imports = [
|
||||||
|
agenix.nixosModule
|
||||||
|
];
|
||||||
age.secrets.s3fs = {
|
age.secrets.s3fs = {
|
||||||
file = "${proj_root.secrets.path}/s3fs.age";
|
file = "${proj_root.secrets.path}/s3fs.age";
|
||||||
# mode = "600"; # owner + group only
|
# mode = "600"; # owner + group only
|
||||||
|
@ -12,8 +15,5 @@
|
||||||
age.secrets._nhitrl_cred = {
|
age.secrets._nhitrl_cred = {
|
||||||
file = "${proj_root.secrets.path}/_nhitrl.age";
|
file = "${proj_root.secrets.path}/_nhitrl.age";
|
||||||
};
|
};
|
||||||
age.secrets."wifi.env" = {
|
environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
|
||||||
file = "${proj_root.secrets.path}/wifi.env.age";
|
|
||||||
};
|
|
||||||
# environment.systemPackages = [agenix.defaultPackage.x86_64-linux];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{
|
{
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "no";
|
permitRootLogin = false;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Personal configuration on storage solution
|
# Personal configuration on storage solution
|
||||||
{ pkgs, config, lib,... }: {
|
{ pkgs, config, lib }: {
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.s3fs
|
pkgs.s3fs
|
||||||
pkgs.cifs-utils
|
pkgs.cifs-utils
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
{config,...}: {
|
|
||||||
networking.wireless.enable = true;
|
|
||||||
networking.wireless.environmentFile = config.age.secrets."wifi.env";
|
|
||||||
networking.wireless.networks = {
|
|
||||||
"Hoang Sa".psk = "@DESERT_PSK@";
|
|
||||||
"Truong Sa".psk = "@DESERT_PSK@";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -230,7 +230,7 @@
|
||||||
};
|
};
|
||||||
amd_rx470 = {
|
amd_rx470 = {
|
||||||
# early amd gpu usage
|
# early amd gpu usage
|
||||||
boot.initrd.kernelModules = ["amdgpu"];
|
# boot.initrd.kernelModules = ["amdgpu"];
|
||||||
services.xserver.enable = true;
|
services.xserver.enable = true;
|
||||||
services.xserver.videoDrivers = ["amdgpu"];
|
services.xserver.videoDrivers = ["amdgpu"];
|
||||||
};
|
};
|
||||||
|
|
|
@ -19,10 +19,10 @@ fi
|
||||||
SCRIPT_DIR=$(realpath $(dirname $0))
|
SCRIPT_DIR=$(realpath $(dirname $0))
|
||||||
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
|
echo "SCRIPT_DIR: ${SCRIPT_DIR}"
|
||||||
|
|
||||||
SYSNIX_DIR="${SCRIPT_DIR}/.."
|
SYSNIX_DIR="${SCRIPT_DIR}/../nix-conf/system"
|
||||||
|
|
||||||
# Copy hardware-configuration of existing machine onto our version control
|
# Copy hardware-configuration of existing machine onto our version control
|
||||||
SYSNIX_PROF="${SYSNIX_DIR}/hosts/${HOSTNAME}"
|
SYSNIX_PROF="${SYSNIX_DIR}/profiles/${HOSTNAME}"
|
||||||
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
|
HARDWARE_CONF="${SYSNIX_PROF}/hardware-configuration.nix"
|
||||||
if [ ! -f "${HARDWARE_CONF}" ]; then
|
if [ ! -f "${HARDWARE_CONF}" ]; then
|
||||||
mkdir "$SYSNIX_PROF"
|
mkdir "$SYSNIX_PROF"
|
||||||
|
|
31
secrets.nix
31
secrets.nix
|
@ -1,21 +1,10 @@
|
||||||
let
|
(import
|
||||||
inherit ((import
|
(
|
||||||
(
|
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
|
||||||
let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in
|
fetchTarball {
|
||||||
fetchTarball {
|
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
|
||||||
url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
|
sha256 = lock.nodes.flake-compat.locked.narHash;
|
||||||
sha256 = lock.nodes.flake-compat.locked.narHash;
|
}
|
||||||
}
|
)
|
||||||
)
|
{ src = ./.; }
|
||||||
{ src = ./.; }
|
).defaultNix.secrets
|
||||||
).defaultNix) secrets;
|
|
||||||
inherit (secrets) pubKeys;
|
|
||||||
inherit (pubKeys) users hosts;
|
|
||||||
all = users // hosts;
|
|
||||||
c_ = builtins;
|
|
||||||
in {
|
|
||||||
"secrets/s3fs.age".publicKeys = c_.attrValues (all);
|
|
||||||
"secrets/s3fs.digital-garden.age".publicKeys = c_.attrValues (all);
|
|
||||||
"secrets/_nhitrl.age".publicKeys = c_.attrValues (all);
|
|
||||||
"secrets/wifi.env.age".publicKeys = c_.attrValues (all);
|
|
||||||
}
|
|
||||||
|
|
Binary file not shown.
|
@ -1,10 +1,10 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 ahbzMg Lx4TLKDZ2yk3DQsM6nOOI1o+FHu0lNtT2p3PBdao+C4
|
-> ssh-ed25519 ahbzMg 6pTVLAgOY/JZVWiCFHLo8xQ4/CL6620IMaBRpqI8Wws
|
||||||
RsTScUeLmFrO6v1OOxBbyBCMBMVhsGrtu5W9iMOw8B0
|
CtJeQuy5VzKZhJnIH+/cjlKsAcg0RY2bhHTWVm+hUOY
|
||||||
-> ssh-ed25519 glsjZQ CdLCkzb1dBoG9gYdMisaZBZT+nnzfOX326CWq6cvN1s
|
-> ssh-ed25519 glsjZQ we7RCgsnODTJ8rKYhU+9tu0DmLH+98mcQKQ3I2slikM
|
||||||
UKGCxej9lZnLzsuFJnFOMpyrz7YzJrHcrFuDz8l8RQk
|
G81lsFLQR9polxme1K/MU2d8Y01PrTqtzJnVq0EMJF0
|
||||||
-> U<J-grease + A6h/F, 'mix
|
-> |-grease B\W,I9z ^Gx;$ Kk7!4,P
|
||||||
jpEa7b7rRo6bVpTr19c5ALOfaeiP0jldtpQBRWfJnma3VSo3kkDQpfa3RvPjZfD8
|
0Jl5Lhx7R8YOs9S+hUtQDDpNIqBhC/MM0N7w1MCtwYtkIIIWKfY9jkJ7+Cew2Ee5
|
||||||
Eg9Zb03MKMUAJnWwfLCXVFQqEVpSaIwI+ujLZ5Cm
|
Qb04jnE
|
||||||
--- /a+J/jeGoWwuNvDEAIGzU0WKx86oH+YRTnSexf+8NP4
|
--- b7AXWRgK45a/91iwmwt5g+CWOlU/2f4nUDfXlg/bs9A
|
||||||
!]Fµ‹O¬J’v”žó%×-ŻtÚŹŘťuzčBÉ˙}ś‡Ő"C\;D(ľ‡Ă’FŠÎ®j®ëA7&ąü<C485>˛?é.ć…J•áBa»„ąŽ˛[ŘdXr‘ŢŚO
|
¢²%;Þ3RmQÚ‹WhpÌ–VŠ;º×®¡¥VÍÚñ[zš9al¦±=cLêüva<>ëu7é,†tø±’ýUܶh^&å‰Ö¿WåJP6-ÇÒ£
n‘-ˆ¿=™]
|
Binary file not shown.
Binary file not shown.
|
@ -1,12 +0,0 @@
|
||||||
{lib,...}@inputs: let
|
|
||||||
config = {
|
|
||||||
hungtr.metadata = {
|
|
||||||
};
|
|
||||||
"hungtr@bao".metadata = {
|
|
||||||
ssh_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+1+gps6phbZboIb9fH51VNPUCkhSSOAbkI3tq3Ou0Z";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
homeConfigurations = {};
|
|
||||||
pubKeys = lib.getPubkey config;
|
|
||||||
}
|
|
Loading…
Reference in New Issue